Radio Lockdown Directive
Major threat for Free Software on radio devices
Since June 2014 we face an EU directive that threatens all wireless devices. The Radio Equipment Directive requires all devices that are able to send and receive radio signals to be locked down. This goes much further than the FCC lockdown in the US since it doesn't only affect routers but also mobile phones, GPS receivers, and amateur radio operators.
From June 2017 hardware manufacturers will be forced to install technical measurements to protect the devices from being flashed with "non-compliant" software: firmware that hasn't been checked by the manufacturer to comply with applicable radio regulations (e.g. signal strenght, frequences). Many European states already have implemented the directive in national law without many ways how to circumvent the major lockdown.
However, we have identified possible ways how to excluded certain classes of devices from this directive. The speaker will evaluate the current situation, present additional findings and opinions of political and economic actors, and exchange ideas and knowledge with the audience.
More and more devices connect to the Internet and each other using wireless and mobile networks. These include countless devices such as routers, mobile phones, WiFi-cards and laptops. All of them, as well as all Internet-of-Things devices, today and in the future, fall under the regulation of the Radio Equipment Directive 2014/53/EU (hereinafter ‘the Directive’), adopted in May 2014 by the European Parliament and the European Council. The main purposes of the Directive are harmonisation of existing regulations, improving security of radio spectra, and protection of health and safety.
Many people agree to general purpose of the Directive. However, we express our concerns over the far-reaching consequences of Article 3(3)(i) of the Directive, which require device manufacturers to check each device software's compliance in order to comply with the Directive.
Threats of Radio Lockdown
We believe such requirement has negative implications on users' rights and Free Software, fair competition, innovation, environment, and volunteering – mostly without comparable benefits for security.
Article 3(3)(i) require device manufacturers to assess software for compliance with existing national radio regulations, a requirement which will keep users and companies from upgrading the software on devices they own, unless that software is assessed by the original manufacturer. This not only is a severe burden for device manufacturers themselves but also violating the customers' rights of free choice.
The requirement enshrined in Article 3(3)(i) will impact the freedom to conduct business of many companies relying on the abillity to provide alternative and Free Software firmware on devices. Alternative software is the foundation of many companies' products, and we should prevent economic disadvantages for these businesses.
Burdensome requirements to check every possible software's compliance will also have negative implications on innovation and charitable non-profit organisations who rely on software other than the manufacturers'. Efforts of volunteer associations helping people in need to connect to the internet, may be rendered void or severely handicapped.
Furthermore, alternative software on radio devices also promotes a sustainable economy. There are many devices still in working order which do not receive updates from the original manufacturers anymore, hence alternative software developed and improved by community efforts (such as Free Software) has a much longer support period which prevent users and customers having to dispose of still working equipment. In return, this also improves the security of users since older hardware still receives security updates after a manufacturer stops supporting those.
We are in favor of the Directive's aim to improve security of radio devices but not at the unbalanced expense of users' freedom and security in other areas. Firstly, upgrading the software of a device mostly helps increasing the devices' security. Secondly, we are convinced that such strict regulations are not necessary for typical consumer products with limited radio output power. And thirdly, we believe that such technical restrictions will not hinder people willingly violating applicable radio regulations.
Therefore, we ask EU institutions and the Member States to take these concerns into consideration and ensure that the Directive does not place blanket, unnecessary and disproportionate restrictions on the rights of consumers and businesses when implementing the Directive into national legislations.